Benedek Gagyi

XXSS: Exotic Cross-Site Scripting vectors

XSS is one of the most well known attacks on the web, perhaps second only to SQL injection. While the general idea behind it is relatively simple, due to the colorfulness of the web and the quirks of the browsers it has a surprising depth to it.
In this talk we'll journey deep down the rabbit hole of XSS attacks and take a look at all the weird ways malicious inputs may hurt our users, from the non-JS based injections (CSS, HTML, image) through mXSS, up to blind XSS.

Speaker Bio

Developer, teacher, sports-fanatic. In his free time, he's researching the patterns and algorithms connecting basketball, tea and drums. His devotion to impeccable and secure user experience is rivaled only by his constant search for the perfect brew of Chinese pu'er.